https://bz.apache.org/bugzilla/show_bug.cgi?id=65443
Bug ID: 65443
Summary: Allow subclassing CorsFilter
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: -----
I would like to subclass the the CorsFilter to be able to provide a custom list
of allowed origins, instead of configure them from the init parameters.
Unfortunately the method isOriginAllowed uses the instance variable
allowedOrigns directly. This makes it impossible to override the available
function: getAllowedOrigins and isAnyOriginAllowed.
So i would propose the change the isOriginAllowed function from the CorsFilter
class as follows:
/**
* Checks if the Origin is allowed to make a CORS request.
*
* @param origin
* The Origin.
* @return <code>true</code> if origin is allowed; <code>false</code>
* otherwise.
*/
private boolean isOriginAllowed(final String origin) {
if (isAnyOriginAllowed()) {
return true;
}
// If 'Origin' header is a case-sensitive match of any of allowed
// origins, then return true, else return false.
return getAllowedOrigins().contains(origin);
}
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
